As insurance professionals we are accustomed to knowing everything about insurance. We are the “masters of our insurance domain” if you will. We are the ones that “educate” and explain the insurance terminology to customers, ask the right questions that will help determine the risk levels and consequently the premiums, and then communicate the terms of the policies to the client. The better we do this, the more trust and confidence we build in our client’s minds. But when it comes to cyber insurance, the roles seemed to have switched. I hear many insurance professionals that feel a sense of inferiority with their clients when it comes to cyber insurance. Afterall, when it comes to cyber security, the client’s technical staff know much more then them about this domain.
But is this “cyber-insurance phobia” justified? Why can insurance professionals sell medical insurance without being doctors? or insurance against break-ins without being security experts, yet when it comes to “cyber insurance”, they can’t even imagine how we can come off as “professionals” in front of clients?
Insurance professionals lack basic technical knowledge
The answer is that insurance professionals lack the basic technical knowledge needed to carry an intelligent conversation with clients about cyber insurance. They don’t need to come off as the cyber security specialists, but they do need to know all the relevant terminology, and on top of this basic knowledge, have deeper knowledge on the insurance aspects concerning cyber insurance. This includes knowing about the cyber risks, understand their roles concerning claims and incident response, risk management, regulatory compliance, and much more.
Cyber insurance knowledge needed for each role
Insurance professionals are not all the same, they have different roles, and each role requires different knowledge and different tools. Here are a few examples:
- Brokers – insurance brokers are the consultants that will make or break the cyber insurance deal. They must learn how to explain coverages, endorsements, exclusions, and the services provided by the insurance company. They need to be able to explain cyber threats, exposure, and security gaps, quantify risk and help choose the appropriate liability limits and deductibles. In addition, brokers need to be able to coordinate between different insurers to build a full policy.
- Underwriters – the underwriters need to learn how to perform cyber due diligence, analyze security exposures and risks, and assess the current security posture. They also need to be able to determine premium prices and capacity based on the insurer’s risk appetite as well as determine which of the requested coverages and endorsements will be included in the policy.
- Claims Professionals – When a cyber-attack occurs, the claims professionals are part of the response team. Their fast response, proper notification, and activation of the different roles along the response chain is crucial and can make a huge difference. Claims professionals need to be able to deeply understand the cyber insurance policy and its coverages. They must learn how to assess the incident and how it relates to the policy terms; learn how to appoint experts to assist in quantifying losses. Be able to coordinate between different insurers to build a full policy. Learn how to evaluate damages to make claims’ payment decisions. And be able to make real-time decisions on payments for services on behalf of the insured.
- Risk Managers – Risk managers need to learn how to identify and analyze the financial impact of cyber threats in order to prepare risk management and insurance budgets. They must be able to quantify risk and help choose the appropriate liability limits and deductibles.
Today, cyber threats are affecting all aspects of life, whether it’s in our connected cars, smart homes, etc. This means that all insurance professionals, whether they are directly dealing with cyber insurance or not, need to learn the basics of cyber insurance. They need to at least know the terms, understand the risks, and be able to speak the basic language. Cyber insurance professionals, on the other hand, need to go deeper and become experts in cyber insurance to carry out their roles.
Luckily, this knowledge gap can be filled without the need for endless internal training sessions that can take most of their time during the day. Instead, the Cyber Insurance Academy, is offering a comprehensive course that covers both the basic technical knowledge training as well as in-depth cyber insurance knowledge. And the best part is that the course is completely online and asynchronous, so everyone can learn at their own pace whenever they have time.